Networking 101: Subnets Realized (Including IPv6)

An oft-asked question in networking classes is "why can't we just put everyone on the same subnet and stop worrying about routing?" The reason is very simple. Every time someone needs to talk, be it to a router or another host, they have to send an ARP request. Also, there are broadcast packets that aren't necessarily limited to ARP, which everyone hears. When there are only 255 devices on a /24 subnet, the amount of broadcast packets is fairly limited. It is important to keep this number low, because every time a packet destined for a specific host or a broadcast address is seen, the host must handle the packet. A hardware interrupt is created, and the kernel of the operating system must read enough of the packet to determine whether or not it cares about it.

Broadcast storms happen at times, mainly because of layer 2 topology loops. We'll explain layer 2 topology issues in excruciating (actually, enlightening) detail in a future edition. When thousands of packets hit a computer at a time, slow and fast computers alike can become very slow. The kernel spends so much time handling interrupts that it doesn't have much left for dealing with "trivial" things like making sure your Web browser process gets a chance to run. So that, my friends, is why subnets are very important. This is also known as a broadcast domain, because it limits the amount of broadcasts that you will hear.

What's the point of creating subnets anyway? How do I remember those strange looking subnet masks? How the heck does this work with those crazy looking IPv6 addresses? This edition of Networking 101 will expand on the previous Subnets and CIDR article, in the interest of promoting a thorough understanding of subnetting.

The natural follow-up question normally involves a host's notion of a broadcast address and netmask. We hopefully understand that a host needs to understand what computers are on the same subnet. Those IP addresses can be spoken to directly, making a router unnecessary. When the netmask or broadcast address is incorrectly configured, you'll quickly find that some hosts are unreachable.

The most common erroneous configuration happens when someone configures an IP address without specifying the netmask and broadcast address. For some reason, most operating systems don't take the liberty of updating these things, even though one can be determined from the other. If you run 'ifconfig eth0 130.211.0.1 netmask 255.255.255.0' you might expect that everything is ready to go. Unfortunately, it's very likely that your broadcast address was set to 255.255.0.0. It largely depends on the router's configuration, but normally this results in all broadcast packets being dropped. Conversely, if the netmask is configured incorrectly, the computer wouldn't know where the subnet starts and begins. If a computer thinks a host is on the same subnet when it actually isn't, it will attempt to ARP for it instead of the router. Routers can be configured to handle this and pretend they are the host (called Proxy Arp), but normally the result is unreachable hosts.

Understand how the netmask is configured, to avoid this problem. Figuring out the network and broadcast address isn't very difficult when you remember that the netmask simply means "cover some bits," but deciphering netmask representation can induce a double-take. The netmask for a /24 network is 255.255.255.0, that's easy. But what does 255.255.240.0 mean? The best way to decipher it is to begin with the masked off part. Comparing it to the /24, which had three octets masked, we see that 255.255.240.0 has two octets masked, and part of another. We know it's between a /16 and a /24. We have to understand binary, and realize how many bits are masked. The last 16 bits are clearly part of the network portion. The third octet, 240, allows 16 IP addresses beyond the mask, so it must mean that four bits are left (2^4=16). The four remaining bits, plus the 16 bits used for the first two octets means that we're dealing with a /20!

What about 1.0.0.0/255.255.255.248? We're definitely in a land smaller than the /24 subnet. If we look at the remaining bits in the last octet, we can see that there are eight IP addresses available. Remember that only 2^3 can make eight, so we're using all but three bits in the network portion. This is a /29 network. Of course, the easy ones are pretty clear: 255.255.255.128 allows half as many host addresses in the last octet compared to the /24 network, so it's a /25.

On the topic of confusing netmasks, IPv6 addresses certainly have a place. The netmask isn't really an issue—the same concept applies, just with larger numbers to remember. The real problem lies within the address representation itself; the IETF seemed to take pride in creating confusion. Typically an IPv6 address is represented in hex, or base-16. Our old friend IPv4 could represent an IP address in hex too, which would look like B.B.B.B for the address 11.11.11.11. Unfortunately, IPv6 isn't quite that nice looking. To represent 128 bits, IPv6 normally breaks up the address into eight 16-bit segments.

An IPv6 address looks like: 2013:4567:0000:CDEF:0000:0000:00AD:0000. It does get a bit easier. For example, leading zeros are not written, and contiguous quads of zeros get collapsed to ::. Trailing zeros, however, must be shown. This is a bit confusing, but the rules always allow for a non-ambiguous IP address. Leading zeros in each quad can always be removed, but the collapsing of contiguous blocks of zeros can only happen once per address. The above address with collapsed zeros will look like: 2013:4567:0000:CDEF::AD:0000. IPv6 provides 2^128 addresses, more than enough to allocate roughly 1000+ IP addresses per square meter of Earth.

If you remember the rules of binary, the address representation rules with IPv6, and a few simple subnets for reference, you'll be Master of Subnets - the one everyone asks for help.